According to openEuler, the Euler open source community has repaired the Log4j high-risk security vulnerability (CVE-2021-44228) and issued a security bulletin. You can fix the vulnerability by updating the security patch of openEuler 20.03 LTS SP1 / SP2 Log4j.
The OpenEuler Open Source Community Security Committee quickly started the vulnerability impact analysis after sensing the Log4j security vulnerabilities for the first time. The Euler open source community completed the number of software and system versions affected by the Log4j vulnerability overnight and confirmed that the affected LTS system version was openEuler 20.03 LTS SP1 / SP2.
Repair progress timeline
09:47, December 10th-Vulnerability awareness: Log4j software warehouse received the vulnerability issue CVE-2021-44228
15:22, December 10th-Vulnerability investigation: complete the number of software and system versions affected by Log4j
At 18:22, December 10th-Preliminary repair plan: The repair plan is initially determined to upgrade the Log4j version, and SPEC file adaptation and compilation error handling are being done.
December 10th 22:16 — Final repair plan: During the upgrade of Log4j, it was discovered that the compilation of the new version may involve changes to the Maven and Java versions, and there are many problems that need to be resolved. The Logo4j upstream community has provided a patch repair method, the adaptation has been completed, the preliminary compilation is successful, and the repair plan is determined to be a patch repair.
14:46, December 11-Patch verification: POC code verification passed, and is being merged into the official branch.
At 20:08, December 11th-Patch release: openEuler 20.03 LTS SP1 / SP2 Log4j security patch has been released.
At 22:47, December 11th-Security bulletin release: Log4j security bulletin has been released, click here to view.
(Via)
